Phishing Scams November 2024

The month of November saw a reported 9,200 phishing scams which impacted victims and led to $9.38 million in losses. This comes from a report via blockchain security firm ScamSniffer. The report noted that the crypto community saw another wave of evolving tactics via phishing scams in November. However this total amount stolen marked a 53% decline from October’s staggering $20.2 million.

Within the report it was highlighted how one particularly devastating incident saw an individual lose $661,000 worth of stETH (staked Ethereum) in just minutes. The scam took place as part of an evolved tactic as malicious actors leverage increasingly sophisticated methods to exploit unsuspecting users.

During November the scam had a recurring pattern of malicious signature requests. These were the most potent tool in the attackers’ arsenal as victims made the unknowing mistake of authorising signatures and transactions on their wallets which drained them entirely. This led to notable losses such as $409,000 in WBTC on the Arbitrum network and $344,000 in FET through Ethereum’s Uniswap platform. Another $220,000 in USDT was lost through a direct transfer.

Blockchain security firm ScamSniffer stated that the malicious signature requests remain the most effective weapon for phishing scammers. A new phishing method dubbed 'Angel Drainer' was at the fore of the scams as it seems to have taken over from the notorious Inferno Drainer operation. ScamSniffer noted it is similar to a hydra; when one head is cut off another simply replaces it. The total amount stolen in November was lower than in previous months but the number of victims remained alarmingly high.

Wider findings from blockchain security firms like CertiK reported that phishing accounted for $343.1 million in losses across 65 incidents in Q3 of 2024. Things such as fake accounts on social media platforms and deceptive Google ads are some of the most common tactics being employed by the scammers to draw in unsuspecting victims.

Crypto faces an uphill battle to curb the prevalence of phishing scams as attackers continue to refine their strategies. ScamSniffer’s report emphasises that users need to remain vigilant and stressed that one simple misplaced signature could lead to devastating financial losses. The firm urged users to tracking agencies like MistTrack to monitor suspicious transactions and flag potentially malicious activities in real time.

There are a wider amount of educational efforts emerging in the crypto space to ensure projects equip users with the tools and knowledge to avoid such phishing traps. ScamSniffer has recommended a combination of best practices, including verifying every signature request and avoiding impulsive actions during transactions.